LinuxQuestions.org
Old 10-31-2013, 08:35 PM   #1
wombat53
Member
 
Registered: Jun 2005
Location: Australia
Distribution: Linux linux01 3.9.5-301.fc19.x86_64
Posts: 179

Rep: Reputation: 30
WIN/Lx Client Server Connectivity - unable to reach host...IPTABLES problem??


Hi guys
A question.
I have a WIN XP Client, and a Linux Server Fedora 19, 3.9 kernel, with which I was until recently able to connect easily (with SSH).
After a forced clean Linux re-install from scratch due to an implosion, I can do so no longer.
There is basic network connectivity per PING being OK.
I cannot access Linux from WIN client with SSH (WinSCP, Filezilla port 22 (SFTP), Putty...nothing).
I have ensured that the Linux firewall daemon is enabled, active, up and running.
I have done the same for the SSH daemon.
I have enabled Linux IPTABLES with systemctl, and manually started it.
I do note that when I start it (the IPTABLES service), it starts, and then quite quickly exits, goes into stopped state.
Is this normal behavior? Is perhaps IPTABLES a service that does not always need to be running, but is only activated on demand?
The net result is that none of the above SSH connectivity tools work, and there is no connectivity - the error message is "network connection timed out" (Putty), and/or can't "reach host", depending on the tool.
Filezilla returns:
Status: Connecting to linux01...
Response: fzSftp started
Command: open "gpeters@linux01" 22
Trace: psftp: Implicit session load.
Trace: Looking up host "10.1.1.4"
Trace: Connecting to 10.1.1.4 port 22
Error: Connection timed out
Error: Could not connect to server
Status: Waiting to retry...
Status: Connecting to linux01...
Response: fzSftp started
Command: open "gpeters@linux01" 22
Trace: psftp: Implicit session load.
Trace: Looking up host "10.1.1.4"
Trace: Connecting to 10.1.1.4 port 22
All suggestions welcome.
Many thanks.
 
Old 11-01-2013, 03:15 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
Quote:
Originally Posted by wombat53
I have enabled Linux IPTABLES with systemctl, and manually started it.
I do note that when I start it (the IPTABLES service), it starts, and then quite quickly exits, goes into stopped state.
There is no "Linux IPTABLES service". iptables is a ruleset in the Linux kernel and requires no service/daemon to work, just an application to save and load rules whenever you restart the system.

Fedora 19, however, does have an "iptables service", as it's part of the systemd startup architecture and includes a "firewall service" called firewalld.
Quote:
Originally Posted by wombat53
Is this normal behavior? Is perhaps IPTABLES a service that does not always need to be running, but is only activated on demand?
The only possible job for an "iptables service" would be to manage the iptables rule set. The Fedora documentation seems to indicate that firewalld (which provides a DBUS interface for configuring firewall rules) should be running for this to work. You could try running systemctl enable firewalld.

Alternatively, you may disable the "firewall" services and use a configuration file ("static firewall" in Fedora-speak) instead.
 
Old 11-02-2013, 01:43 AM   #3
wombat53
Member
 
Registered: Jun 2005
Location: Australia
Distribution: Linux linux01 3.9.5-301.fc19.x86_64
Posts: 179

Original Poster
Rep: Reputation: 30
Thanks Olmy. I have tried disabling the firewall (firewalld service) and it makes no difference. I then re-enabled it, and started IPTABLES and the output is below. I am not familiar with static firewall, and reluctant to go there, as this was working seamlessly in a prior install. You can see from the journalctl file that IPTABLES starts up and then almost immediately stops.
As I asked before, is this normal behavior, to immediately stop IPTABLES after loading it, that they are only loaded once at startup, and then exit?
If it is normal, as I believe it is, then firewall and IPTABLES seems not to be the problem, and I am still seeking guidance:

-- Unit firewalld.service has finished starting up.
--
-- The start-up result is done.
Nov 02 16:32:49 linux01 kernel: Bridge firewalling registered
Nov 02 16:32:49 linux01 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 02 16:32:49 linux01 systemd[1]: Stopped IPv6 firewall with ip6tables.
-- Subject: Unit ip6tables.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman.../systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Soft.../catalog/9d1aa
--
-- Unit ip6tables.service has finished shutting down.
Nov 02 16:32:49 linux01 ip6tables.init[2344]: ip6tables: Unloading modules: [ O
Nov 02 16:32:49 linux01 systemd[1]: Stopped IPv4 firewall with iptables.
-- Subject: Unit iptables.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman.../systemd-devel
-- Documentation: http://www.freedesktop.org/wiki/Soft.../catalog/9d1aa
--
-- Unit iptables.service has finished shutting down.
Nov 02 16:32:49 linux01 iptables.init[2343]: iptables: Unloading modules: [ OK
Nov 02 16:32:49 linux01 iptables.init[2343]: iptables: Setting chains to policy
Nov 02 16:32:49 linux01 ip6tables.init[2344]: ip6tables: Setting chains to polic
Nov 02 16:32:49 linux01 iptables.init[2343]: iptables: Flushing firewall rules:
Nov 02 16:32:49 linux01 ip6tables.init[2344]: ip6tables: Flushing firewall rules
Nov 02 16:32:49 linux01 systemd[1]: Starting firewalld - dynamic firewall daemon
-- Subject: Unit firewalld.service has begun with start-up
-- Defined-By: systemd

Last edited by wombat53; 11-02-2013 at 03:21 AM.
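
Added example (not part of any post in this thread): a small shell filter that reads journal text and reports which firewall units systemd stopped in the same second that firewalld began starting, which is the pattern visible in the excerpt above. The function names and the abridged sample are constructed for illustration; it assumes the default short journalctl output format.

```shell
#!/usr/bin/env bash
# Added example: correlate firewall unit stop/start events in journal text.

# Constructed sample, abridged from the journal excerpt posted above.
sample_journal() {
cat <<'EOF'
Nov 02 16:32:49 linux01 systemd[1]: Stopped IPv6 firewall with ip6tables.
-- Unit ip6tables.service has finished shutting down.
Nov 02 16:32:49 linux01 systemd[1]: Stopped IPv4 firewall with iptables.
Nov 02 16:32:49 linux01 iptables.init[2343]: iptables: Flushing firewall rules:
Nov 02 16:32:49 linux01 systemd[1]: Starting firewalld - dynamic firewall daemon
EOF
}

# firewall_events: read journal text on stdin and print one line per
# systemd event that concerns a firewall unit: "<time> <action> <unit>".
firewall_events() {
  awk '
    $5 ~ /^systemd\[/ && ($6 == "Stopped" || $6 == "Starting" || $6 == "Started") {
      unit = ""
      if      ($0 ~ /with ip6tables/) unit = "ip6tables"
      else if ($0 ~ /with iptables/)  unit = "iptables"
      else if ($0 ~ /firewalld/)      unit = "firewalld"
      if (unit != "") print $3, $6, unit
    }'
}

# displaced_units: print the units whose last "Stopped" event carries the
# same timestamp as a "Starting firewalld" event, i.e. the rule managers
# that went down at the moment firewalld took over.
displaced_units() {
  firewall_events | awk '
    $2 == "Stopped"                       { stopped[$3] = $1 }
    $2 == "Starting" && $3 == "firewalld" { start[$1] = 1 }
    END {
      for (u in stopped) { t = stopped[u]; if (t in start) print u }
    }' | sort
}

# Demonstration on the constructed sample.
sample_journal | displaced_units
```

On a live system the same filter can be fed with `journalctl -b --no-pager | displaced_units`. When firewalld is the active rule manager, `firewall-cmd --list-services` shows whether ssh is permitted in the default zone.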
 
Tags
firewall, iptables, ssh